Ga naar inhoud

chr155y

Lid
  • Items

    32
  • Registratiedatum

  • Laatst bezocht

chr155y's prestaties

  1. Soms he... lossen problemen zichzelf op... Gisteren is er bij ons ingebroken en is oa. mijn laptop meegenomen. Dus: nieuwe laptop en Java werkt weer als een zonnetje... Desondanks iedereen bedankt voor het meedenken!
  2. Dat met die verborgen mappen had ik al gevonden. Appdata nu ook maar vind daar niks van Java terug...
  3. Ik heb gezocht via zoeken, omdat ik anders niet wist noe ik bij application data etc. moest komen, maar het mag niet baten... Blijf dezelfde foutmeldingen houden
  4. ComboFix 11-07-08.03 - Chrissy 10-07-2011 13:54:48.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3002.1486 [GMT 2:00] Gestart vanuit: c:\users\Chrissy\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Chrissy\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))) . . 2011-07-10 12:05 . 2011-07-10 12:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-29 16:26 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-06-26 10:01 . 2011-06-26 10:01 388096 ----a-r- c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 07:37 . 2011-06-19 07:37 -------- d-----w- C:\PFiles 2011-06-17 15:28 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-17 15:28 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-17 15:28 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-17 15:28 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-17 15:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-13 07:49 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-06-12 01:39 . 2011-06-12 01:39 -------- d-----w- c:\program files\Windows Portable Devices 2011-06-12 01:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2011-06-12 01:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-06-12 01:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2011-06-12 01:19 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2011-06-12 01:18 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2011-06-12 01:18 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2011-06-12 01:18 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2011-06-12 01:18 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2011-06-12 01:18 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe 2011-06-12 01:18 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll 2011-06-12 01:12 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2011-06-12 01:12 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2011-06-12 01:12 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2011-06-12 01:12 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2011-06-12 01:08 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-06-12 01:08 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-12 01:08 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-06-12 01:08 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-06-12 01:08 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-06-12 01:08 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-06-12 01:08 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-06-12 01:08 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-06-12 01:08 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-06-12 01:08 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-06-12 01:08 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-06-12 01:08 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-06-12 01:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-06-12 01:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-06-12 01:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2011-06-12 01:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\ca-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\eu-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\vi-VN 2011-06-11 11:52 . 2009-06-03 18:43 483840 ------w- c:\windows\system32\stapi32.dll 2011-06-11 08:09 . 2011-06-11 08:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-01 126976] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-17 20:30 136176 ----atw- c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-28 09:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000Core.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000UA.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-10 14:05 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . [0] 0x00000512 . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-07-10 14:07:59 ComboFix-quarantined-files.txt 2011-07-10 12:07 ComboFix2.txt 2011-07-10 09:50 ComboFix3.txt 2011-07-09 12:47 . Pre-Run: 136.034.779.136 bytes beschikbaar Post-Run: 136.012.320.768 bytes beschikbaar . - - End Of File - - 4C1B5D383D1C60AC8ADC20FABA5FD8A9 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:09:17, on 10-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\Dwm.exe C:\Program Files\Spotify\spotify.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Windows\PEV.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 7269 bytes ---------- Post toegevoegd om 12:10 ---------- Vorige post was om 12:09 ---------- ComboFix 11-07-08.03 - Chrissy 10-07-2011 13:54:48.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3002.1486 [GMT 2:00] Gestart vanuit: c:\users\Chrissy\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Chrissy\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))) . . 2011-07-10 12:05 . 2011-07-10 12:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-29 16:26 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-06-26 10:01 . 2011-06-26 10:01 388096 ----a-r- c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 07:37 . 2011-06-19 07:37 -------- d-----w- C:\PFiles 2011-06-17 15:28 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-17 15:28 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-17 15:28 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-17 15:28 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-17 15:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-13 07:49 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-06-12 01:39 . 2011-06-12 01:39 -------- d-----w- c:\program files\Windows Portable Devices 2011-06-12 01:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2011-06-12 01:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-06-12 01:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2011-06-12 01:19 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2011-06-12 01:18 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2011-06-12 01:18 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2011-06-12 01:18 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2011-06-12 01:18 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2011-06-12 01:18 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe 2011-06-12 01:18 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll 2011-06-12 01:12 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2011-06-12 01:12 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2011-06-12 01:12 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2011-06-12 01:12 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2011-06-12 01:08 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-06-12 01:08 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-12 01:08 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-06-12 01:08 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-06-12 01:08 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-06-12 01:08 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-06-12 01:08 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-06-12 01:08 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-06-12 01:08 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-06-12 01:08 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-06-12 01:08 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-06-12 01:08 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-06-12 01:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-06-12 01:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-06-12 01:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2011-06-12 01:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\ca-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\eu-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\vi-VN 2011-06-11 11:52 . 2009-06-03 18:43 483840 ------w- c:\windows\system32\stapi32.dll 2011-06-11 08:09 . 2011-06-11 08:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-01 126976] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-17 20:30 136176 ----atw- c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-28 09:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000Core.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000UA.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-10 14:05 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . [0] 0x00000512 . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-07-10 14:07:59 ComboFix-quarantined-files.txt 2011-07-10 12:07 ComboFix2.txt 2011-07-10 09:50 ComboFix3.txt 2011-07-09 12:47 . Pre-Run: 136.034.779.136 bytes beschikbaar Post-Run: 136.012.320.768 bytes beschikbaar . - - End Of File - - 4C1B5D383D1C60AC8ADC20FABA5FD8A9 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:09:17, on 10-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\Dwm.exe C:\Program Files\Spotify\spotify.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Windows\PEV.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 7269 bytes
  5. Het wil maar niet lukken Ik krijg weer de melding dat ik de betreffende software al geïnstalleerd heb, krijg de vraag of ik het opnieuw wil installeren. Als ik dan op 'ja' klik, krijg ik deze melding "deze bewerking is alleen geldig voor producten die momenteel zijn geinstalleerd"...
  6. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:25:20, on 10-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Program Files\Spotify\spotify.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 7134 bytes
  7. Kreeg geen melding over opnieuw opstarten... Hierbij de logjes van beide programma's: ComboFix 11-07-08.03 - Chrissy 10-07-2011 11:36:35.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3002.1705 [GMT 2:00] Gestart vanuit: c:\users\Chrissy\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Chrissy\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe" "c:\windows\system32\REN5ABC.tmp" "c:\windows\system32\REN5B79.tmp" "c:\windows\system32\REN5B99.tmp" "c:\windows\system32\REN71B3.tmp" "c:\windows\system32\REN71C3.tmp" "c:\windows\system32\REN71C4.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe c:\windows\system32\REN5ABC.tmp c:\windows\system32\REN5B79.tmp c:\windows\system32\REN5B99.tmp c:\windows\system32\REN71B3.tmp c:\windows\system32\REN71C3.tmp c:\windows\system32\REN71C4.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))) . . 2011-07-10 09:47 . 2011-07-10 09:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-29 16:26 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-06-26 10:01 . 2011-06-26 10:01 388096 ----a-r- c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 07:37 . 2011-06-19 07:37 -------- d-----w- C:\PFiles 2011-06-17 15:28 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-17 15:28 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-17 15:28 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-17 15:28 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-17 15:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-13 07:49 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-06-12 01:39 . 2011-06-12 01:39 -------- d-----w- c:\program files\Windows Portable Devices 2011-06-12 01:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2011-06-12 01:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-06-12 01:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2011-06-12 01:19 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2011-06-12 01:18 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2011-06-12 01:18 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2011-06-12 01:18 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2011-06-12 01:18 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2011-06-12 01:18 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe 2011-06-12 01:18 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll 2011-06-12 01:12 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2011-06-12 01:12 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2011-06-12 01:12 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2011-06-12 01:12 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2011-06-12 01:08 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-06-12 01:08 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-12 01:08 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-06-12 01:08 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-06-12 01:08 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-06-12 01:08 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-06-12 01:08 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-06-12 01:08 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-06-12 01:08 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-06-12 01:08 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-06-12 01:08 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-06-12 01:08 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-06-12 01:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-06-12 01:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-06-12 01:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2011-06-12 01:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\ca-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\eu-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\vi-VN 2011-06-11 11:52 . 2009-06-03 18:43 483840 ------w- c:\windows\system32\stapi32.dll 2011-06-11 08:09 . 2011-06-11 08:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-09-12 14:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}] 2010-09-12 14:02 3863136 ----a-w- c:\program files\PHPNukeDU\tbPHPN.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{46735DEE-F862-49D1-876D-6382794DC625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-01 126976] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-17 20:30 136176 ----atw- c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-28 09:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000Core.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000UA.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://nl.woofi.info IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-10 11:47 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-07-10 11:50:17 ComboFix-quarantined-files.txt 2011-07-10 09:50 ComboFix2.txt 2011-07-09 12:47 . Pre-Run: 135.654.645.760 bytes beschikbaar Post-Run: 135.634.681.856 bytes beschikbaar . - - End Of File - - 766589F4965DAEA6DC9CF2774A4CBD19 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:01:25, on 10-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8300 bytes ---------- Post toegevoegd om 10:04 ---------- Vorige post was om 10:02 ---------- Kreeg geen melding over opnieuw opstarten... Hierbij de logjes van beide programma's: ComboFix 11-07-08.03 - Chrissy 10-07-2011 11:36:35.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3002.1705 [GMT 2:00] Gestart vanuit: c:\users\Chrissy\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Chrissy\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe" "c:\windows\system32\REN5ABC.tmp" "c:\windows\system32\REN5B79.tmp" "c:\windows\system32\REN5B99.tmp" "c:\windows\system32\REN71B3.tmp" "c:\windows\system32\REN71C3.tmp" "c:\windows\system32\REN71C4.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe c:\windows\system32\REN5ABC.tmp c:\windows\system32\REN5B79.tmp c:\windows\system32\REN5B99.tmp c:\windows\system32\REN71B3.tmp c:\windows\system32\REN71C3.tmp c:\windows\system32\REN71C4.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))) . . 2011-07-10 09:47 . 2011-07-10 09:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-29 16:26 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-06-26 10:01 . 2011-06-26 10:01 388096 ----a-r- c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 07:37 . 2011-06-19 07:37 -------- d-----w- C:\PFiles 2011-06-17 15:28 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-17 15:28 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-17 15:28 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-17 15:28 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-17 15:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-13 07:49 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-06-12 01:39 . 2011-06-12 01:39 -------- d-----w- c:\program files\Windows Portable Devices 2011-06-12 01:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2011-06-12 01:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-06-12 01:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2011-06-12 01:19 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2011-06-12 01:18 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2011-06-12 01:18 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2011-06-12 01:18 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2011-06-12 01:18 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2011-06-12 01:18 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe 2011-06-12 01:18 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll 2011-06-12 01:12 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2011-06-12 01:12 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2011-06-12 01:12 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2011-06-12 01:12 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2011-06-12 01:08 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-06-12 01:08 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-12 01:08 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-06-12 01:08 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-06-12 01:08 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-06-12 01:08 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-06-12 01:08 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-06-12 01:08 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-06-12 01:08 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-06-12 01:08 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-06-12 01:08 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-06-12 01:08 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-06-12 01:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-06-12 01:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-06-12 01:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2011-06-12 01:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\ca-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\eu-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\vi-VN 2011-06-11 11:52 . 2009-06-03 18:43 483840 ------w- c:\windows\system32\stapi32.dll 2011-06-11 08:09 . 2011-06-11 08:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-09-12 14:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}] 2010-09-12 14:02 3863136 ----a-w- c:\program files\PHPNukeDU\tbPHPN.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{46735DEE-F862-49D1-876D-6382794DC625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-01 126976] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-17 20:30 136176 ----atw- c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-28 09:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000Core.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000UA.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://nl.woofi.info IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-10 11:47 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-07-10 11:50:17 ComboFix-quarantined-files.txt 2011-07-10 09:50 ComboFix2.txt 2011-07-09 12:47 . Pre-Run: 135.654.645.760 bytes beschikbaar Post-Run: 135.634.681.856 bytes beschikbaar . - - End Of File - - 766589F4965DAEA6DC9CF2774A4CBD19 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:01:25, on 10-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8300 bytes
  8. Zie hier het resultaat: ComboFix 11-07-08.03 - Chrissy 09-07-2011 14:32:42.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3002.1842 [GMT 2:00] Gestart vanuit: c:\users\Chrissy\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\system32 c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MaJUtilLib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCaller.dll c:\windows\system32\system32\MASetupCleaner.exe c:\windows\system32\system32\MaXMLProto.dll c:\windows\system32\system32\MetaStore2.dll c:\windows\system32\system32\Microsoft.Synchronization.dll c:\windows\system32\system32\MK_Lyric.dll c:\windows\system32\system32\MSCLib.dll c:\windows\system32\system32\MSFLib.dll c:\windows\system32\system32\MSLUR71.dll c:\windows\system32\system32\msvcp60.dll c:\windows\system32\system32\MTTELECHIP.dll c:\windows\system32\system32\MTXSYNCICON.dll c:\windows\system32\system32\muzaf1.dll c:\windows\system32\system32\muzapp.dll c:\windows\system32\system32\muzapp.exe c:\windows\system32\system32\muzdecode.ax c:\windows\system32\system32\muzeffect.ax c:\windows\system32\system32\muzmp4sp.ax c:\windows\system32\system32\muzmpgsp.ax c:\windows\system32\system32\muzoggsp.ax c:\windows\system32\system32\muzwmts.dll c:\windows\system32\system32\psapi.dll c:\windows\system32\system32\Synchronization2.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))) . . 2011-07-09 12:43 . 2011-07-09 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-29 16:26 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-06-26 10:01 . 2011-06-26 10:01 388096 ----a-r- c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 17:43 . 2011-06-19 17:43 0 ----a-w- c:\windows\system32\REN71C4.tmp 2011-06-19 17:43 . 2011-06-19 17:43 0 ----a-w- c:\windows\system32\REN71C3.tmp 2011-06-19 17:43 . 2011-06-19 17:43 0 ----a-w- c:\windows\system32\REN71B3.tmp 2011-06-19 07:37 . 2011-06-19 07:37 -------- d-----w- C:\PFiles 2011-06-17 15:28 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-17 15:28 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-17 15:28 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-17 15:28 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-17 15:28 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-13 07:49 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-06-12 01:39 . 2011-06-12 01:39 -------- d-----w- c:\program files\Windows Portable Devices 2011-06-12 01:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2011-06-12 01:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-06-12 01:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2011-06-12 01:19 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2011-06-12 01:18 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2011-06-12 01:18 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2011-06-12 01:18 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2011-06-12 01:18 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2011-06-12 01:18 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe 2011-06-12 01:18 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll 2011-06-12 01:12 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2011-06-12 01:12 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2011-06-12 01:12 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2011-06-12 01:12 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2011-06-12 01:08 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-06-12 01:08 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-12 01:08 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-06-12 01:08 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-06-12 01:08 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-06-12 01:08 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-06-12 01:08 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-06-12 01:08 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-06-12 01:08 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-06-12 01:08 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-06-12 01:08 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-06-12 01:08 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-06-12 01:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-06-12 01:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-06-12 01:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2011-06-12 01:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\ca-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\eu-ES 2011-06-11 11:59 . 2011-06-11 12:00 -------- d-----w- c:\windows\system32\vi-VN 2011-06-11 11:52 . 2009-06-03 18:43 483840 ------w- c:\windows\system32\stapi32.dll 2011-06-11 08:09 . 2011-06-11 08:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-15 12:49 . 2011-05-15 12:49 3584 ----a-r- c:\users\Chrissy\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2011-05-15 11:31 . 2011-05-15 11:31 0 ----a-w- c:\windows\system32\REN5B99.tmp 2011-05-15 11:31 . 2011-05-15 11:31 0 ----a-w- c:\windows\system32\REN5B79.tmp 2011-05-15 11:31 . 2011-05-15 11:31 0 ----a-w- c:\windows\system32\REN5ABC.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-09-12 14:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}] 2010-09-12 14:02 3863136 ----a-w- c:\program files\PHPNukeDU\tbPHPN.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{46735DEE-F862-49D1-876D-6382794DC625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136] . [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-01 126976] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-17 20:30 136176 ----atw- c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-28 09:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 16:30] . 2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000Core.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . 2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604607851-1700961433-3217656771-1000UA.job - c:\users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 20:30] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://nl.woofi.info IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-QPService - :c:\program files\HP\QuickPlay\QPService.exe HKLM-Run-UpdatePSTShortCut - :c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe HKLM-Run-UCam_Menu - :c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe HKLM-Run-QlbCtrl.exe - :c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe HKLM-Run-HP Health Check Scheduler - :c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-09 14:43 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-07-09 14:47:18 ComboFix-quarantined-files.txt 2011-07-09 12:47 . Pre-Run: 131.895.189.504 bytes beschikbaar Post-Run: 131.851.284.480 bytes beschikbaar . - - End Of File - - 8130FED4387C289117CAB97CCCCFB1FB
  9. Ik heb volgens mij AVG tijdelijk uitgeschakeld, maar krijg de melding dat Combofix niet geïnstalleerd kan worden zolang AVG op m'n computer staat ofzo? Krijg Combofix iig niet voor elkaar...
  10. Sorry, was even een paar dagen 'uit de lucht'. Had hem idd niet in de veilige modus als administrator uitgevoerd. Nu wel, hoop dat dit is wat je zoekt? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:19:20, on 7-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\helppane.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] :"C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updatePSTShortCut] :"C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] :"C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] :%ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] :C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] :c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9075 bytes
  11. Ok, nog een keer maar nu vanuit veilige modus... Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:30:41, on 1-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] :"C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updatePSTShortCut] :"C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] :"C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] :%ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] :C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] :c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8750 bytes
  12. Had het idd niet als administrator gedaan. Nu wel, zie hier het resultaat: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:06:34, on 30-6-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wuauclt.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] :"C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updatePSTShortCut] :"C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] :"C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] :%ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] :C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] :c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 10633 bytes
  13. Sorry voor de late reactie, ik was gisterenavond niet thuis... Nu de scans laten draaien. Dit komt er uit Malware: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6961 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19088 29-6-2011 18:41:33 mbam-log-2011-06-29 (18-41-33).txt Scantype: Snelle scan Objecten gescand: 157736 Verstreken tijd: 8 minuut/minuten, 26 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\Users\Chrissy\Desktop\installer_sopcast_3_2_9_dutch.exe (PUP.SmsPay.PGen) -> Quarantined and deleted successfully. En dit uit Hijackthis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:50:14, on 29-6-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] :"C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updatePSTShortCut] :"C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] :"C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] :%ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] :C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] :c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 10170 bytes
  14. Hierbij het logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:09:54, on 26-6-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spotify\spotify.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Windows\system32\wuauclt.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Chrissy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\system32\NOTEPAD.EXE c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] :"C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updatePSTShortCut] :"C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] :"C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] :%ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] :C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] :c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Chrissy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://www.noobhotel.nl/client2.php" O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 11301 bytes Kreeg nog wel deze melding van het programma: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack Thil may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with quotes) and reboot. For Vista: simply exit HijackThis, rightclick on the HijackThis icon, choose 'Run as administrator'.
  15. Status is dat ik volledig de weg kwijt ben in Java-land... Heb dat CCleaner gedaan en probeer Java daarna opnieuw te downloaden & te installeren. Krijg dan weer de melding "This software had already been installed on your computer. Would you like to reinstall it?" Als ik dan op "yes" klik, krijg ik dit bericht van Windows Installer: "Deze bewerking is alleen geldig voor producten die momenteel zijn geïnstalleerd" en daarmee houdt het zo'n beetje op...
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.